<?php
// Lift PHP's execution time limit for this request; the "@" hides the warning
// PHP raises when the host has disabled set_time_limit().
// NOTE(review): with no time limit, any outbound request that never returns
// keeps this worker busy indefinitely - confirm every cURL call sets a timeout.
@set_time_limit(0);
// Turn off all PHP error reporting for the rest of the script.
// NOTE(review): this also hides undefined-variable and undefined-index
// problems in the code below; prefer logging errors to a file over discarding them.
@error_reporting(0);

# Script......: JooMla & WordPreSs Get Plugins and CoMPosent V 2.0 ..!
# Author......: Lagripe-Dz [ at ] HoTMail [ dot ] CoM
# Revamped By.: MacGuyv3r
# HoMe........: wWw.sEc4EvEr.CoM
# Date........: 22/12/2010
# Last Update.: 12/07/2012
# Gr33tz to...: All MeMber'z 0f wWw.sEc4EvEr.CoM & wWw.sEc-wAr.CoM & wWw.r00tw0rm.com
# Updated.....: Added auto detect for Wordpress or Joomla! Framework. Plus it will try to get version number and filter for plugins installed.
#               Must have curl installed! It also can detect jquery plugins

// Polyfill for interpreters that do not provide PHP_VERSION_ID: build the
// integer MAJOR*10000 + MINOR*100 + PATCH from the dotted PHP_VERSION string.
if (!defined('PHP_VERSION_ID')) {
    list($major, $minor, $patch) = explode('.', PHP_VERSION);

    define('PHP_VERSION_ID', $major * 10000 + $minor * 100 + $patch);
}

// Script Functions
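/**
 * Search exploit-db for a name and return the two trailing table cells
 * (plus the closing </tr>) of the caller's result row.
 *
 * $component is text scraped from a remote page, so it is untrusted: it is
 * URL-encoded before it enters a query string and every URL is HTML-escaped
 * before it enters an attribute. The search response itself is only
 * pattern-matched, never echoed.
 *
 * @param string $component Name to search for (untrusted).
 * @return string HTML fragment of the form "<td>...</td><td>...</td></tr>".
 */
function ask_exploit_db($component){

    $url = 'http://www.exploit-db.com/search/';
    $params = array('action' => 'search',
                    'filter_page' => 1,
                    'filter_description' => $component,
                    'filter_exploit_text' => '',
                    'filter_author' => '',
                    'filter_platform' => 0,
                    'filter_type' => 0,
                    'filter_lang_id' => 0,
                    'filter_port' => '',
                    'filter_osvdb' => '',
                    'filter_cve' => '',
                    );

    // http_build_query() percent-encodes every value, including $component
    $url .= '?' . http_build_query($params);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, false);
    // Bound the lookup so a slow or unreachable host cannot hold the request open
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    $data = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    // A transport error or a non-200 answer says nothing about the component;
    // report that instead of falling through to "Found".
    if ($data === false || $status != 200) {
        return "<td>Lookup failed</td><td>--</td></tr>";
    }

    // preg_match() exists on every PHP version this script targets, so the
    // old eregi() branch (removed from PHP 7) is not needed.
    if (preg_match('/No\sresults/i', $data)) {
        $download = 'http://www.google.com/search?hl=en&q=' . urlencode('download ' . $component);
        $download = htmlspecialchars($download, ENT_QUOTES, 'Windows-1252');

        return "<td>Not Found</td><td><a href='$download'>Download</a></td></tr>";
    }

    $safeUrl = htmlspecialchars($url, ENT_QUOTES, 'Windows-1252');

    return "<td><a href='$safeUrl'>Found ..!</a></td><td>&lt;--</td></tr>";
}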

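/**
 * Fetch a URL with cURL and return the response body.
 *
 * $site comes straight from the submitted form, so the transfer is limited
 * to HTTP and HTTPS; without that limit cURL also accepts other schemes it
 * was built with, including ones that read from the local filesystem.
 * CURLOPT_FOLLOWLOCATION is left at its default, so redirects are not followed.
 *
 * @param string $site URL to fetch (untrusted).
 * @return string Response body, or an empty string when the transfer fails.
 */
function get_site($site){

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $site);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    // The script lifts PHP's own time limit, so the transfer needs its own bounds
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);

    $source = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on failure; callers test the result with empty()
    return ($source === false) ? '' : $source;
}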

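/**
 * Guess whether a page was produced by WordPress or Joomla! and build the
 * "Framework" result table for it.
 *
 * Detection is a case-insensitive search for the product name anywhere in
 * the page; WordPress is checked first. When the name is followed by
 * whitespace and digits/dots, that first occurrence is shown in place of the
 * bare name.
 *
 * @param string $source Page source to inspect (untrusted).
 * @return array 'type' is "WordPress", "Joomla!" or ""; 'html' is the table markup.
 */
function get_framework($source){

    $data = array('html' => '', 'type' => '');

    $framework = "[~] Unknown!";
    $versionPattern = null;

    if (preg_match('{(wordpress)}i', $source)) {
        $data['type'] = $framework = "WordPress";
        $versionPattern = '{(WordPress)(\s)(\d+\.*)*}i';
    } else if (preg_match('{(joomla)}i', $source)) {
        $data['type'] = $framework = "Joomla!";
        $versionPattern = '{(Joomla\!)(\s)(\d+\.*)*}i';
    }

    // try and get version: keep the first "<name> <digits>" match when it is
    // longer than the bare name. Checking the preg_match() result first avoids
    // reading an offset that does not exist when nothing matched.
    if ($versionPattern !== null
        && preg_match($versionPattern, $source, $match)
        && strlen($match[0]) > strlen($framework)) {
        $framework = $match[0];
    }

    // $framework can hold text copied from the remote page; escape it for HTML
    $shown = htmlspecialchars($framework, ENT_QUOTES, 'Windows-1252');

    $data['html'] .= '<div class="tableContainer"><table align="center" border="1" width="50%" cellspacing="1" cellpadding="5">';
    $data['html'] .= '<tr ><td class="sectionHeader">Framework</td><td class="sectionCol">Exploit-db</td><td class="sectionCol">Exploit it !</td></tr>';
    $data['html'] .= "<tr class='row'><td>$shown</td>";
    $data['html'] .= ask_exploit_db($framework);

    $data['html'] .= '</table></div>';

    return $data;

}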

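/**
 * Print the "Joomla Components" table for a page.
 *
 * Names are taken from three URL shapes found in the source: "option,NAME/",
 * "option=NAME" up to the next "&" or quote, and "/components/NAME/".
 * Each distinct name gets one row, completed by ask_exploit_db().
 *
 * @param string $source Page source to inspect (untrusted).
 * @return void Output is echoed.
 */
function get_components($source){

    preg_match_all('{option,(.*?)/}i', $source, $f);
    preg_match_all('{option=(.*?)(&amp;|&|")}i', $source, $f2);
    preg_match_all('{/components/(.*?)/}i', $source, $f3);

    $names = array_unique(array_merge($f2[1], $f[1], $f3[1]));

    echo '<div class="tableContainer"><table align="center" border="1" width="50%" cellspacing="1" cellpadding="5">';
    echo '<tr ><td class="sectionHeader">Joomla Components</td><td class="sectionCol">Exploit-db</td><td class="sectionCol">Exploit it !</td></tr>';
    if (count($names) == 0) {
        echo "<tr class='row'><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";
    }

    foreach ($names as $name) {
        // The captured text is whatever the remote page put between the
        // delimiters, markup included, so it must be escaped before display.
        echo "<tr class='row'><td>" . htmlspecialchars($name, ENT_QUOTES, 'Windows-1252') . "</td>";
        echo ask_exploit_db($name);
    }

    echo '</table></div>';

}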

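/**
 * Print the "Word Press Plugins" table for a page.
 *
 * A plugin name is the path segment that follows "/plugins/" in the source.
 * Each distinct name gets one row, completed by ask_exploit_db().
 *
 * @param string $source Page source to inspect (untrusted).
 * @return void Output is echoed.
 */
function get_plugins($source){

    preg_match_all("#/plugins/(.*?)/#i", $source, $f);

    $plugins = array_unique($f[1]);
    echo '<div class="tableContainer"><table align="center" border="1" width="50%" cellspacing="1" cellpadding="5">';
    echo '<tr ><td class="sectionHeader">Word Press Plugins</td><td class="sectionCol">Exploit-db</td><td class="sectionCol">Exploit it !</td></tr>';

    if (count($plugins) == 0) {
        echo "<tr class='row'><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";
    }

    foreach ($plugins as $plugin) {
        // The captured segment is remote content and may contain markup; escape it
        echo "<tr class='row'><td>" . htmlspecialchars($plugin, ENT_QUOTES, 'Windows-1252') . "</td>";
        echo ask_exploit_db($plugin);
    }

    echo '</table></div>';

}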

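/**
 * Print the "JavaScript Libs" table for a page.
 *
 * Lists every distinct substring that runs from "jquery" or "motools" to the
 * last ".js" on the same line.
 * NOTE(review): the second pattern reads "motools"; presumably MooTools was
 * meant - confirm before changing it.
 *
 * @param string $source Page source to inspect (untrusted).
 * @return void Output is echoed.
 */
function get_jquery($source){

    preg_match_all("(jquery.*\.js)", $source, $f1);
    preg_match_all("(motools.*\.js)", $source, $f2);

    $libs = array_unique(array_merge($f1[0], $f2[0]));

    echo '<div class="tableContainer"><table align="center" border="1" width="50%" cellspacing="1" cellpadding="5">';
    echo '<tr ><td class="sectionHeader">JavaScript Libs</td></tr>';
    if (count($libs) == 0) {
        echo "<tr class='row'><td colspan=3>[~] Nothing Found ..!</td></tr>";
    }

    foreach ($libs as $lib) {
        // ".*" is greedy, so a match can span tags and attributes of the
        // remote page; escape it so none of that is rendered as markup.
        echo "<tr class='row'><td>" . htmlspecialchars($lib, ENT_QUOTES, 'Windows-1252') . "</td></tr>";
    }

    echo '</table></div>';

}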

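/**
 * Print the "Scanned : <site>" heading.
 *
 * $site is form input. The caller's strip_tags() leaves quotes in place, so
 * the value is HTML-escaped here, and it is only turned into a link when it
 * is an http:// or https:// URL; any other value is shown as plain text.
 *
 * @param string $site Submitted site value (untrusted).
 * @return void Output is echoed.
 */
function t_header($site){

    $safe = htmlspecialchars($site, ENT_QUOTES, 'Windows-1252');

    if (preg_match('#^https?://#i', $site)) {
        // noreferrer keeps this page's address out of the request to the linked site
        $label = '<a href="'.$safe.'" target="_blank" rel="noopener noreferrer">'.$safe.'</a>';
    } else {
        $label = $safe;
    }

    echo '<div class="siteHeader"><h2>Scanned : '.$label.'</h2></div>';
}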

?>
<html>
<head>
<meta http-equiv="Content-Language" content="fr">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>#~ JooMla &amp; WordPreSs Get Plugins and CoMPosent v 2.0</title>
<style>
body, input, table, select {
	background: black;
	font-family:Verdana, tahoma;
	color: white;
	font-size:12px;
}
input, select {
	padding:5px;
	border: 1px solid #C7C7C7;
}

select {
	padding:3px;
}
a:link, a:active, a:visited {
	text-decoration: none;
	color: red;
}
a:hover {
	text-decoration: underline;
	color: red;
}
table, td, tr {
	border-style:solid;
	text-decoration:bold;
}
tr.row:hover {
	background-color: #C3C3C3;
	color:#161616;
}
.siteHeader {
	text-align:center;
}
.tableContainer {
	padding:10px;
}
.sectionHeader {
	font-weight:bold;
	color:#950000;
	font-size:14px;
}
.sectionCol {
	font-weight:bold;
	font-size:14px;
}
h1 {
	padding-top:20px;
	font-size:24px;
}
h2 {
	font-size:18px;
}
</style>
</head>
<body>
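<form method="POST" action="<?php /* $_PHP does not exist; the script path is in $_SERVER['PHP_SELF'], which includes request-supplied path info and so must be escaped */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'Windows-1252'); ?>">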
  <h1 align="center">#~ JooMla &amp; WordPreSs, CoMposent ScaN v 2.0</h1>
  <p align="center">( now with auto detect! ) </p>
  <p align="center">Site:
    <input type="text" name="site" style="width:40%" value="" onClick="this.value='';">
    <input type="submit" value="ScaN">
  </p>
</form>
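<?php
// Entry point: runs when the form above was submitted with a "site" value.
// The full "<?php" tag is used because the short "<?" form only works when
// short_open_tag is enabled.
//
// NOTE(review): the page has no authentication, and the server fetches
// whatever URL is submitted. The scheme check below stops non-web schemes,
// but http(s) addresses that only this server can reach are still fetched;
// keep the script on a host and path that only its operator can access.
if (isset($_POST['site']) && is_string($_POST['site'])) {

    $site = strip_tags(trim($_POST['site']));

    // A bare host name was previously handed to cURL as-is, which treats it
    // as HTTP; make that explicit so the allow-list below can be strict.
    if (!empty($site) && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $site)) {
        $site = 'http://' . $site;
    }

    if (!empty($site) && !preg_match('#^https?://#i', $site)) {

        echo '<p align="center">[~] Only http:// and https:// addresses are accepted.</p>';

    } else if (!empty($site)) {

        t_header($site);
        $siteData = get_site($site);

        if (!empty($siteData)) {

            $data = get_framework($siteData);
            echo $data['html'];

            if ($data['type'] == 'WordPress') {
                get_plugins($siteData);
            } else if ($data['type'] == 'Joomla!') {
                get_components($siteData);
            }

            get_jquery($siteData);
        }

    }

}
?>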
</body>
</html>
<?
#~EnD ..! All Right Reserved To Lagripe-Dz [d0t] HoTMail [d0t] CoM and wWw.sEc4EvEr.CoM
?>